[Mono-bugs] [Bug 561943] New: sigsegv in memcpy/mono_string_new_utf16 while JITting a verified method

bugzilla_noreply at novell.com bugzilla_noreply at novell.com
Wed Dec 9 13:33:08 EST 2009 

http://bugzilla.novell.com/show_bug.cgi?id=561943

http://bugzilla.novell.com/show_bug.cgi?id=561943#c0


           Summary: sigsegv in memcpy/mono_string_new_utf16 while JITting
                    a verified method
    Classification: Mono
           Product: Mono: Runtime
           Version: 2.6.x
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Critical
          Priority: P5 - None
         Component: JIT
        AssignedTo: lupus at novell.com
        ReportedBy: spouliot at novell.com
         QAContact: mono-bugs at lists.ximian.com
                CC: toshok at novell.com, rkumpera at novell.com
          Found By: ---
           Blocker: ---


Created an attachment (id=331803)
 --> (http://bugzilla.novell.com/attachment.cgi?id=331803)
assembly to reproduce crash

MONO_PATH=/opt/mono/lib/moonlight/plugin/ gdb --args mono --security=core-clr
--compile-all System.sigabrt.15554.dll

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x412f9950 (LWP 15616)]
0x00007fbefecffe9a in memcpy () from /lib64/libc.so.6
(gdb) bt
#0  0x00007fbefecffe9a in memcpy () from /lib64/libc.so.6
#1  0x000000000063198b in mono_string_new_utf16 (domain=0x7fbeffff5db0,
text=0x7fbefffda5d0, len=78282793) at object.c:4368
#2  0x00000000006325eb in mono_ldstr_metadata_sig (domain=0x7fbeffff5db0,
sig=0x7fbefffda5cc "�U") at object.c:4886
#3  0x000000000063259c in mono_ldstr (domain=0x7fbeffff5db0, image=0x9d43d0,
idx=5692) at object.c:4866
#4  0x000000000046701e in mono_method_to_ir (cfg=0xa34600, method=0xa9ca60,
start_bblock=0xaa4448, end_bblock=0xaa4550, return_var=0x0,
dont_inline=0xaad100, 
    inline_args=0x0, inline_offset=0, is_virtual_call=0) at method-to-ir.c:7451
#5  0x000000000041f7bd in mini_method_compile (method=0xa9ca60, opts=55667199,
domain=0x7fbeffff5db0, run_cctors=0, compile_aot=0, parts=0) at mini.c:3402
#6  0x00000000004a382e in compile_all_methods_thread_main (args=0x7fff08162ce0)
at driver.c:881
#7  0x00000000005aebe6 in start_wrapper (data=0xa274b0) at threads.c:662
#8  0x0000000000657b1f in thread_start_routine (args=0x9fab10) at
wthreads.c:286
#9  0x0000000000670d3a in GC_start_routine (arg=0x7fbeffff6e70) at
pthread_support.c:1390
#10 0x00007fbeff235040 in start_thread () from /lib64/libpthread.so.0
#11 0x00007fbefed5208d in clone () from /lib64/libc.so.6
#12 0x0000000000000000 in ?? ()
(gdb) up
#1  0x000000000063198b in mono_string_new_utf16 (domain=0x7fbeffff5db0,
text=0x7fbefffda5d0, len=78282793) at object.c:4368
4368        memcpy (mono_string_chars (s), text, len * 2);
(gdb) p text
$1 = (const guint16 *) 0x7fbefffda5d0
(gdb) p *text
$2 = 18688
(gdb) p len
$3 = 78282793

^ we're overwriting memory!

-- 
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.

More information about the mono-bugs mailing list